Skill v1.7.0
ClawScan security
RSoft Agentic Bank · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 22, 2026, 8:05 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions mostly match a lending workflow, but three gaps, combined with the financial impact of following its steps, make it risky without further verification: the publisher is unknown, every runtime API call goes to an AWS Lambda URL rather than the claimed official domain, and the skill drives your payment skill and wallet autonomously.
- Guidance
- Treat this as potentially risky until you can verify both the publisher and the API endpoint. Before installing or enabling:
  - Verify the publisher and domain: confirm that rsoft-agentic-bank.com is owned by the publisher and that the site either documents the same AWS Lambda endpoint or publishes source code.
  - Prefer open-source code or a GitHub release you can inspect; instruction-only skills that control money are higher risk because there is nothing to audit beyond the prose.
  - Confirm the API has real authentication and review its privacy and security policy; the SKILL.md shows no API key, signature, or other proof that the endpoint is operated by the claimed publisher.
  - If you test, use a throwaway wallet holding only minimal testnet funds and monitor its transactions.
  - If you do not fully trust the endpoint or publisher, do not point a production wallet (or any wallet with non-trivial funds) at this skill.
  - Evidence that would raise confidence to 'benign': a verifiable repository or signed release from the claimed publisher, the domain and API endpoint matching (or a documented CNAME or configuration tying them together), and clear authentication and authorization for API calls.
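The first and third guidance points (endpoint on the declared domain; some authentication on every API call) can be checked mechanically before a skill is installed. The script below is an added example, not ClawHub's scanner or the publisher's code. It reads a SKILL.md, pulls out every URL and every `curl` invocation, flags endpoints whose host is not the declared domain or a subdomain of it, and flags calls that carry no Authorization header, API key or signature. The sample SKILL.md and the `lambda-url.us-east-1.on.aws` endpoint in it are constructed placeholders for illustration; the regexes are heuristics, so a clean result lowers suspicion but does not prove the endpoint is safe.

```python
"""Pre-install lint for an instruction-only skill that moves money.

Added example, not ClawHub's or the publisher's code. It automates two of the
manual checks in the guidance: does every runtime endpoint live under the
publisher's declared domain, and do the curl calls carry any authentication?
"""
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s'\"<>)]+")
# Heuristic indicators of authentication on a request. A hit only means the
# call is not obviously unauthenticated; it says nothing about scheme quality.
AUTH_RE = re.compile(r"(Authorization:|X-Api-Key|api[_-]?key|[Ss]ignature|[Bb]earer\s+\S+)")
# Words that suggest the instructions cause funds to move.
MONEY_RE = re.compile(r"\b(send|transfer|repay|pay)\b", re.I)


def host_matches(url: str, declared_domain: str) -> bool:
    """True if the URL host is the declared domain or one of its subdomains.

    Suffix matching on ".domain" rejects look-alikes such as
    rsoft-agentic-bank.com.evil.example.
    """
    host = (urlparse(url).hostname or "").lower()
    declared = declared_domain.lower()
    return host == declared or host.endswith("." + declared)


def audit_skill(skill_md: str, declared_domain: str) -> dict:
    """Return URLs, curl call counts and findings for a SKILL.md body."""
    findings = []
    urls = sorted(set(URL_RE.findall(skill_md)))
    for url in urls:
        if not host_matches(url, declared_domain):
            findings.append(f"endpoint off declared domain: {url}")

    # Join backslash-continued lines so one curl invocation is one line.
    joined = skill_md.replace("\\\n", " ")
    curl_calls = [ln for ln in joined.splitlines() if ln.lstrip().startswith("curl ")]
    unauth = [c for c in curl_calls if not AUTH_RE.search(c)]
    for c in unauth:
        findings.append(f"unauthenticated call: {c.strip()[:80]}")

    moves_funds = MONEY_RE.search(skill_md) is not None
    if findings and moves_funds:
        verdict = "suspicious"   # unverifiable endpoint plus on-chain transfers
    elif findings:
        verdict = "note"
    else:
        verdict = "ok"
    return {
        "urls": urls,
        "curl_calls": len(curl_calls),
        "unauthenticated_calls": len(unauth),
        "moves_funds": moves_funds,
        "findings": findings,
        "verdict": verdict,
    }


# Constructed sample SKILL.md; the Lambda URL is a placeholder, not the real endpoint.
SAMPLE_SKILL_MD = """\
# Example Lender (constructed sample, not the real SKILL.md)
Official site: https://rsoft-agentic-bank.com
Request a loan:
curl -X POST https://abc123.lambda-url.us-east-1.on.aws/loan \\
  -H 'Content-Type: application/json' -d '{"amount": 10}'
Then repay using the payment skill: send USDC to the address returned.
"""

if __name__ == "__main__":
    report = audit_skill(SAMPLE_SKILL_MD, "rsoft-agentic-bank.com")
    print(report["verdict"])
    for f in report["findings"]:
        print(" -", f)
```

Run it against the real SKILL.md with the domain the skill claims as official; any "endpoint off declared domain" finding is exactly the mismatch the verdict above describes, and an "unauthenticated call" finding on a loan or repayment endpoint means the server has no way to know who is asking, so anyone who can reach the URL can drive the same workflow.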
Review Dimensions
- Purpose & Capability
- note: The declared purpose (agent-accessible loans and repayments on Base Sepolia) aligns with the actions the SKILL.md instructs (curl calls to a lending API plus the payment skill to send USDC). Requiring the payment skill and a wallet is expected for on-chain transfers. However, the skill claims an official website (rsoft-agentic-bank.com) while all runtime API calls point to an opaque AWS Lambda URL rather than that domain, and the source is unknown. That mismatch is unexpected and worth verifying.
- Instruction Scope
- concern: Instructions direct the agent to contact an external API (the provided AWS Lambda URL) for sensitive operations (loan issuance, credit checks, and repayment confirmations) and to use the local payment skill scripts, which hold wallet access. Although those actions are in scope for a lending skill, the SKILL.md gives no authentication mechanism for the API (no API key, signatures, or proof that the endpoint is operated by the claimed publisher). An unauthenticated external endpoint combined with automated on-chain transfers increases risk.
- Install Mechanism
- ok: This is an instruction-only skill with no install spec and no code files, which is the lowest install-risk tier. Nothing is written to disk by the skill itself.
- Credentials
- note: The skill requests no environment variables or credentials directly, which is proportionate. However, it requires the 'payment' skill to be installed and a funded wallet stored in the payment skill's scripts directory (~/.openclaw/skills/payment). That implicit dependency lets the skill cause real on-chain transfers (loans and repayments) through the payment skill, a high-impact capability even though no new credentials are requested.
- Persistence & Privilege
- ok: The skill is not marked always:true and does not request system-wide configuration changes. Autonomous invocation is allowed (the default), which is expected for skills; combined with the ability to trigger payments it is the primary operational risk, but it does not by itself indicate elevated privileges.
